<?php 

if(!$dbconnect = mysql_connect('localhost', 'zapp', 'create01')) {
   echo "Connection failed to the host 'localhost'.";
   exit;
} // if
if (!mysql_select_db('zapp')) {
   echo "Cannot connect to database 'test'";
   exit;
} // if

if (isset($_REQUEST["user"])){
	$user = $_REQUEST["user"];
	$pass = $_REQUEST["pass"];
	$res = getUserByEmailAndPassword($user, $pass);
	if ($res != false){
		$table_id = 'users';
		$query = "SELECT * FROM $table_id WHERE email = '$user'";
		$dbresult = mysql_query($query);
		$doc = new DomDocument('1.0');
		$root = $doc->createElement('root');
		$root = $doc->appendChild($root);
		while($row = mysql_fetch_assoc($dbresult)) {
		 $occ = $doc->createElement("user");
		 $uid = $row['unique_id'];
		 $occ = $root->appendChild($occ);
		 foreach ($row as $fieldname => $fieldvalue) {
		 $child = $doc->createElement($fieldname);
			$child = $occ->appendChild($child);
			$value = $doc->createTextNode($fieldvalue);
			$value = $child->appendChild($value);
			  } // foreach
		} // while
		$table_id = 'handsets';
		$query = "SELECT * FROM $table_id WHERE unique_id = '$uid'";
		$dbresult = mysql_query($query);
		while($row = mysql_fetch_assoc($dbresult)) {
		 $occ = $doc->createElement("handset");
		 $uid = $row['unique_id'];
		 $occ = $root->appendChild($occ);
		 foreach ($row as $fieldname => $fieldvalue) {
		 $child = $doc->createElement($fieldname);
			$child = $occ->appendChild($child);
			$value = $doc->createTextNode($fieldvalue);
			$value = $child->appendChild($value);
			  } // foreach
		}
		$xml_string = $doc->saveXML();
		echo $xml_string;
	}
}
function getUserByEmailAndPassword($email, $password) {
        $result = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error());
        // check for result 
        $no_of_rows = mysql_num_rows($result);
        if ($no_of_rows > 0) {
            $result = mysql_fetch_array($result);
            $salt = $result['salt'];
			$id = $result['uid'];
			$hostname = $_SERVER["REMOTE_ADDR"];
            $encrypted_password = $result['encrypted_password'];
            $hash = checkhashSSHA($salt, $password);
			
            // check for password equality
            if ($encrypted_password == $hash) {
                // user authentication details are correct
				mysql_query("UPDATE users SET last_host = '$hostname' WHERE uid ='$id'");
                return $result;
            }
        } else {
            // user not found
            return false;
        }
    }
function hashSSHA($password) {

        $salt = sha1(rand());
        $salt = substr($salt, 0, 10);
        $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
        $hash = array("salt" => $salt, "encrypted" => $encrypted);
        return $hash;
    }

    /**
     * Decrypting password
     * @param salt, password
     * returns hash string
     */
function checkhashSSHA($salt, $password) {

        $hash = base64_encode(sha1($password . $salt, true) . $salt);

        return $hash;
    }
?> 